Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search |
Name: libXpm4 | Distribution: openSUSE Tumbleweed |
Version: 3.5.17 | Vendor: openSUSE |
Release: 1.1 | Build date: Thu Oct 5 22:34:02 2023 |
Group: System/Libraries | Build host: i04-ch2a |
Size: 60096 | Source RPM: libXpm-3.5.17-1.1.src.rpm |
Packager: https://bugs.opensuse.org | |
Url: https://xorg.freedesktop.org/ | |
Summary: X Pixmap image file format library |
libXpm facilitates working with XPM (X PixMap), a format for storing/retrieving X pixmaps to/from files.
MIT
* Tue Oct 03 2023 Stefan Dirsch <sndirsch@suse.com> - Update to 3.5.17 * This release contains fixes for the libXpm issues reported in security advisory here: https://lists.x.org/archives/xorg-announce/2023-October/003424.html * fixes CVE-2023-43788 libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() (boo#1215686) * fixes CVE-2023-43789 libXpm: out of bounds read on XPM with corrupted colormap (boo#1215687) * Tue Apr 18 2023 Stefan Dirsch <sndirsch@suse.com> - update to 3.5.16: * test: skip compressed file tests when --disable-open-zfile is used * gitlab CI: build with each of --enable-open-zfile & --disable-open-zfile * configure: correct error message to suggest --disable-open-zfile * open-zfile: Make compress & uncompress commands optional * Require LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL * XpmCreateDataFromXpmImage: Fix misleading indentation * parse.c: Wrap FREE_CIDX definition in do { ... } while(0) * parse.c: remove unused function xstrlcpy() * test: Use PACKAGE_BUGREPORT instead of hard-coded URL's * test: Add simple test cases for functions in src/rgb.c * xpmReadRgbNames: constify filename argument * Fix a memleak in ParsePixels error code path * Thu Apr 13 2023 Stefan Dirsch <sndirsch@suse.com> - with switching to suggests making use of (n)compress no longer needs to be limited to openSUSE * Thu Apr 13 2023 Stefan Dirsch <sndirsch@suse.com> - suggests instead of require compress (see changelog below) * Wed Apr 12 2023 Stefan Dirsch <sndirsch@suse.com> - require compress (ncompress package) on openSUSE; it's not supported on SLE * Wed Apr 12 2023 Fabian Vogt <fvogt@suse.com> - Drop n_no-compress-on-sle.patch and set XPM_PATH_COMPRESS instead (xpmPipeThrough function returns NULL when the command is not available; so same result as with the patch applied; that the child process for executing 'compress' returns with exit(1) doesn't matter much; it might even be useful to see the error message ...) * Wed Apr 12 2023 Stefan Dirsch <sndirsch@suse.com> - Depend also on /usr/bin/uncompress, not only /usr/bin/gzip; Requiring binaries instead of packages resolves the file conflict with busybox-gzip, which is used when building nginx opensuse images; dep chain was: nginx -> libdg3 -> libXpm4 -> gzip ==> conflict with busybox-gzip * Tue Apr 11 2023 Fabian Vogt <fvogt@suse.com> - Depend on /usr/bin/gzip, not gzip * Mon Apr 03 2023 Stefan Dirsch <sndirsch@suse.com> - n_no-compress-on-sle.patch * we can't handle .Z files, since we don't have ncompress package on SLE; so disable this feature as before (bsc#1207031) - BuildRequires * removed again ncompress * added again autoconf, automake, libtool - run again autoreconf due to patch above * Mon Apr 03 2023 Dirk Müller <dmueller@suse.com> - update to 3.5.15: * Use gzip -d instead of gunzip * Prevent a double free in the error code path * Fix CVE-2022-4883: compression commands depend on $PATH * Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height * test: add test cases for CVE-2022-44617 (zero-width w/enormous height) * Fix CVE-2022-46285: Infinite loop on unclosed comments * test: add test case for CVE-2022-46285 (unclosed comments) * cxpm: getc/ungetc wrappers should not adjust position when c == EOF * test: Add unit tests using glib framework * configure: add --disable-open-zfile instead of requiring -DNO_ZPIPE * man pages: Apply standard man page style/formatting * man pages: Replace "See Also" entries with more useful ones * man pages: Fix typos and other minor editing - drop U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch, U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch, U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch, U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch, U_regression-bug1207029_1207030_1207031.patch U_regression2-bug1207029_1207030_1207031.patch: upstream - switch urls to https - spec file cleanups - add gpg keyring validation * Wed Jan 11 2023 Stefan Dirsch <sndirsch@suse.com> - U_0001-configure-add-disable-open-zfile-instead-of-requirin.patch * needed by U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch - U_0002-Fix-CVE-2022-46285-Infinite-loop-on-unclosed-comment.patch * libXpm: Infinite loop on unclosed comments (CVE-2022-46285, bsc#1207029) - U_0004-Fix-CVE-2022-44617-Runaway-loop-with-width-of-0-and-.patch * libXpm: Runaway loop on width of 0 and enormous height (CVE-2022-44617, bsc#1207030) - U_0005-Fix-CVE-2022-4883-compression-commands-depend-on-PAT.patch * libXpm: compression commands depend on $PATH (CVE-2022-4883, bsc#1207031) - U_regression-bug1207029_1207030_1207031.patch * regression fix for above patches - U_regression2-bug1207029_1207030_1207031.patch * second regression fix: Use gzip -d instead of gunzip * Sun Nov 20 2022 Stefan Dirsch <sndirsch@suse.com> - Update to version 3.5.14 * Fix spelling/wording issues * man: strip trailing whitespace * gitlab CI: add a basic build test * man pages: Make file names consistent with their displayed names * man pages: Fix shadow man pages * man pages: Make function synopses more consistent with other pages * man pages: Add missing word 'function' where needed * man pages: Fix typos * man pages: Correct Copyright/License notices * add man pages based on doc/xpm.PS * update man pages * Sat Jan 04 2020 Stefan Dirsch <sndirsch@suse.com> - Update to version 3.5.13 The fixes here are some found by static analysers, and a build fix for Windows (which, curiously, is dated to 2012 so clearly we're at the top of the game here). Nothing overly exciting, but covscan, parfait, etc. should be a bit happier now.
/usr/lib64/libXpm.so.4 /usr/lib64/libXpm.so.4.11.0
Generated by rpm2html 1.8.1
Fabrice Bellet, Thu Dec 26 00:01:52 2024